The protection of the privacy and integrity of the data and resources of a computer is a well-recognized need. However, the best way to protect a computer's data and resources against attacks and intrusion has been the subject of much discussion, debate, and development of the years.
An early approach for securing a computer against the potential dangers of the Internet, which came to prominence in the public eye around 1990, involved the use of a firewall. Early firewalls were software applications which were positioned in the flow of network traffic between a computer and a public network, such as the Internet. The firewall prevented the exchange of certain types of network traffic to any computer behind the firewall. Initially, firewalls were configured to only allow email or SMTP network traffic to be exchanged with devices behind the firewall. Over time, it became desirable for additional types of network traffic to be allowed through the firewall; as such, it became commonplace for firewalls to permit additional types of network traffic (such as FTP and WWW traffic) through the firewall. Firewalls have evolved from consisting of a pure software implementation to being implemented, by certain vendors, as specialized hardware appliances.
As computers became more popular in the home and the workplace, malware began to spread to computers not just through a public network but also through the sharing of portable storage mediums, such as floppy disks. Malware which resides on portable storage mediums could infect a computer not connected to a public network. To combat this new attack vector, antivirus software was developed. Antivirus software is software that analyzes the files of a computer-readable medium to identify any files which have been previously identified as being malicious. Once malicious files have been identified, the antivirus software quarantines and removes the malicious files.
Firewalls and antivirus software currently form the foundation of modern computer security paradigms. Virtually all computer security approaches are enhancements to one or both of the firewall and antivirus software. For example, firewalls have been embellished to look deeper into network traffic to examine the contents of a data packet in determining whether to permit or deny the data packet passage through the firewall. The firewall may be configured to allow certain types of network traffic deemed permissible by a policy (such as work-related HTTP network traffic) but prevent other types of network traffic deemed impermissible by a policy (such as non-work related HTTP network traffic). Other firewalls may allow certain network traffic to pass through the firewall, but will subsequently check each network communication for malware; upon detecting that a network communication (such as an email) which has already past the firewall did contain malware, the firewall alerts the destination of that network communication that it may already have been compromised.
Antivirus software has also been embellished to rely more on the behavior of an executable file rather than considering the file's signature in determining whether the file is malicious. Unfortunately, the current paradigm for protecting the data and resources of a computer using combinations of firewalls and antivirus software has been demonstrated to be ineffectual.